This is along the same lines; Olly is showing up 75e00000 referenced memory at 41414141.
I have tried pointing the memory location to some locations.
When I ran the exploit to the crash, I then run again, and then Olly dies.

Need some more details about what you are doing and what exactly changed between the overwrite with \x41 and the time where you tried to point the crash location elsewhere. Also, what do you mean when you say Olly dies?

Do you know what type of overwrite this is? Stack based? Direct EIP or SEH? How are you feeding the buffer to the program (STDIN, network socket)?

Perhaps give a step by step of what your buffer contains during the \41 overwrite and when you try to point the buffer to a particular location, exactly what Olly does in response to each buffer.

Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

It calls SEH; I send it to the program with a network socket. EIP is the address of a cmp [ecx],eax where ecx contains 41414141.
After it shows up saying it tried to reference memory, I click run and it comes up again; I then hit run and Olly closes (not in task bar).
There are a couple of places in the program where SafeSEH is off.

I've never had Olly do that to me before. Are you using the default config?

If you are doing an SEH overwrite, why don't you try and use a POP, POP, RET? That's the usual way to get code execution.

May sound a bit.. Do I add the address of the start of a pop pop ret into ecx, like 77c40000? I have tried things like that, push ecx, call, as well as a short jump; all just display the string of the commands at address 77c40000 in ecx.
It goes into the exception handler, but ecx just gets zeroed out.